The present invention relates generally to mass data storage systems, and more specifically, relates to methods for verifying the integrity of command data sent to an ATA (Advanced Technology Attachment) or other storage device.
Host computers use peripheral data storage devices such as hard disk drives to store large amounts of data. The host computer typically communicates with the storage device over a cable, such as a ribbon cable, according to a particular interface. In the personal computer (PC) industry, the most common disk drive interface is currently the ATA (Advanced Technology Attachment) interface, also referred to as the IDE (Integrated Drive Electronics) interface. Several versions of the ATA interface have been developed over time, including ATA-1, ATA-2, ATA-3, ATA-4 (also known as Ultra DMA-33, in which “DMA” stands for Direct Memory Access), ATA-5 (also known as Ultra DMA-66), and Ultra DMA-6. Another common disk drive interface is SCSI (Small Computer Systems Interface).
One problem with mass storage systems is that data transmitted over the cable between the host computer and the storage device can be corrupted. Such corruption may occur, for example, as the result of radio frequency (RF) emissions from nearby components or appliances. To address this problem, existing interfaces commonly use parity or other error detection schemes to check for transmission errors. Some interfaces, however, such as the ATA interface, do not check for errors in the transmission of commands transmitted from the host computer to the storage device. As a result, a corrupted command may be executed by the storage device, potentially resulting in an unrecoverable loss of data.
The present invention addresses this and other problems related to the integrity of command data transmitted over a cable.
The present invention overcomes the above problems by implementing a process for verifying the integrity of command data written to a disk drive before such command data is used to execute a command. The process is implemented by a controller which controls the disk drive over a cable or other connector. The controller may be implemented within automated circuitry and/or firmware.
In accordance with the invention, the controller initially writes command data to the disk drive, and then reads back and verifies at least a portion of this data prior to initiating execution of the command. In ATA implementations, the command data read back from the drive and checked corresponds to selected registers and bits (preferably registers 2, 3, 4 and 5 in their entirety, and bits 3:0 of register 6) of the ATA command register block. If this command data is consistent with the command data written to the drive, the controller initiates execution of the command (by writing to register 7 in ATA implementations). If, on the other hand, the read-back command data is inconsistent with the written-out command data, the controller enters into an error state that prevents the potentially corrupt command data from being used by the drive. To further protect against transmission errors, the controller may, following execution of the command, read a status code from the drive more than once to reduce the likelihood of misread status information.
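The write, read-back and compare sequence described above, shown as an added example that is not part of the original text: a C model of the controller logic running against a simulated drive register block. The `sim_drive` structure, the bit-flip injection, the function names and the sample parameter values are assumptions made for the illustration.

```c
#include <stdint.h>

/* Simulated drive-side command register block (constructed for this example). */
typedef struct {
    uint8_t reg[8];     /* registers 0..7 as latched by the drive */
    int     flip_reg;   /* register whose next write is corrupted, -1 for none */
    uint8_t flip_mask;  /* bits inverted in transit over the cable */
    int     executed;   /* number of writes that reached register 7 */
} sim_drive;

/* Hypothetical bus model: a write may be corrupted once before it is latched. */
static void bus_write(sim_drive *d, int r, uint8_t v) {
    if (r == d->flip_reg) { v ^= d->flip_mask; d->flip_reg = -1; }
    d->reg[r] = v;
    if (r == 7) d->executed++;  /* writing register 7 initiates execution */
}
static uint8_t bus_read(const sim_drive *d, int r) { return d->reg[r]; }

/* Bits verified per register: 2..5 in their entirety, bits 3:0 of register 6. */
static const uint8_t verify_mask[8] = { 0, 0, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F, 0 };

/* Returns 0 if the command was started, -1 if the read-back data is
   inconsistent (error state: register 7 is never written). */
int issue_command_verified(sim_drive *d, const uint8_t params[8]) {
    for (int r = 2; r <= 6; r++)
        bus_write(d, r, params[r]);
    for (int r = 2; r <= 6; r++) {
        uint8_t got = bus_read(d, r) & verify_mask[r];
        if (got != (params[r] & verify_mask[r]))
            return -1;
    }
    bus_write(d, 7, params[7]);
    return 0;
}

/* Runs one command, optionally corrupting the write to one register. */
int run_case(int flip_reg, uint8_t flip_mask, int *executed) {
    sim_drive d = { {0}, flip_reg, flip_mask, 0 };
    /* constructed sample parameter values for registers 0..7 */
    const uint8_t params[8] = { 0, 0, 0x08, 0x10, 0x20, 0x30, 0xE1, 0x30 };
    int rc = issue_command_verified(&d, params);
    *executed = d.executed;
    return rc;
}

int main(void) {
    int n;
    return (run_case(-1, 0, &n) == 0 && run_case(3, 0x04, &n) == -1) ? 0 : 1;
}
```

A flip confined to bits 7:4 of register 6 passes the check in this model, because only bits 3:0 of that register are compared.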
In one embodiment, the invention is incorporated into each of a set of automated ATA controllers of a disk array controller. Each such controller implements the host side of the ATA interface within automated circuitry. Preferably, each automated controller includes a command buffer for storing multiple command blocks, so that a new command block can be dispatched to the disk drive immediately following completion of a current command block.
The invention may also be used with interfaces other than the ATA interface, and may be used with peripheral storage devices other than hard disk drives.